NJ federal grand jury indicts two men in Iran in national ransomware scheme

WASHINGTON, D.C. (KYW Newsradio) — A federal grand jury in New Jersey has indicted two men in Iran for allegedly using ransomware to attack government agencies, hospitals and other public and private organizations across the country over a three-year period.

The two men, identified as 34-year-old Faramarz Shahi Savandi and 27-year-old Mohammad Mehdi Shah Mansouri, are charged with using the “SamSam” ransomware to lock victims out of their computer systems and demand payment in Bitcoin within a week.

Among the more than 200 victims were the cities of Atlanta and Newark, the Port of San Diego, the Colorado Department of Transportation and a half-dozen hospital chains.

“They’re trying to impact our way of life,” New Jersey U.S. Attorney Craig Carpenito told reporters at a Washington news conference. “They’re hitting the most critical targets because they want to maximize their profits. But they’re also trying to maximize the damage that they can do.”

All told, victims paid $6 million in ransoms and suffered more than $30 million in additional losses, and those figures cover only about 15 percent of the victims.

Officials from the Justice Department and the FBI who also attended the news conference said the two men used a number of tactics to single out the most vulnerable institutions, those most likely to pay the ransom quickly.

Carpenito added that, over time, the two men’s methods became more sophisticated.

“They used techniques like doing this in off-business hours so that they could hit these vulnerable institutions at points in time when their I.T. infrastructures wouldn’t be able to respond, detect or prevent the attacks in real time, getting to the maximum number of computers and hopefully getting to the backup tapes,” Carpenito said.

While officials concede it will be difficult to get the suspects out of Iran, they hope that individuals, businesses and governments alike will learn from this case, strengthen their online security and report ransomware attacks rather than simply pay up.